Sauron: A new and highly effective government hacking malware

Security researchers are always busy making discoveries and helping us better protect our online data. Recently, a group of researchers found a five-year-old government hacking malware that targets military, governments, telecommunication companies and scientific research institutions.

The malware, called Sauron, is affiliated with a national government considering its level of sophistication and targets that include governments of Rwanda, Russia and Iran.

Kaspersky Lab first discovered the malware in September 2015. The researchers at Kaspersky have been investigating the malware since and have reason to believe the malware has been in use since 2011.

They called it Sauron because of the string of code that displays the name Sauron. Sauron is a famous name among The Lord of The Rings fans, as it is a malicious entity that causes the creation of the Ring of Doom as it struggles to conquer the Middle Earth.

Kaspersky describes the malware as “top-of-the-top module cyber spying platform due to its technical sophistication, crafted to to allow long-term spying campaigns.” The description goes on and on in very technical terms. But what Kaspersky is trying to put across is that Sauron is an advanced malware that draws inspiration from other government hacking malware. The traces the malware leaves behind vary with every target making the malware impossible to track and defend against.

Kaspersky claims that the cyber-espionage malware is supposed to collect highly sensitive information from the targets. The malware leaves all key entities of the target institution compromised.

The researchers reported that more than 30 organisations in Russia, Rwanda and Iran were compromised. They speculate that many more governments and organisations in other geographies are victims too. Kaspersky warns that the targets could include governments, scientific research institutions, the military, telecommunication firms and finance institutions.

Kaspersky indicated that Sauron has a particular interest in encrypted data. Encryption software are common in governments and private institutions as they help protect confidential data from prying eyes. Sauron steals the encryption keys and reveals all IP addresses of the targets.

Kaspersky is not sure who is behind Sauron. There are several attacker mistakes, and the company can be confident about several attributes pointing towards about a particular country. However, the security research firm is cautious that these might be deliberate pointers left there so that people can easily blame a certain nation. The firm pointed out that all text in the malware code is in English. Also, the researchers are quite certain that the malware is coded in Latin characters.

For now, the people responsible remain in the wind. The malware takes a lot from other government attacking malware reported in the past. Probably, Sauron is related to one of the previous malware such as Flame and Reign.